XML 103 R36.htm IDEA: XBRL DOCUMENT v3.25.0.1
Cybersecurity Risk Management and Strategy Disclosure
 12 Months Ended
Dec. 31, 2024
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
Risk Management and Strategy
As a global company, we utilize and rely upon information technology systems in many aspects of our business, including internal and external communications and the management of our accounting, financial, production and supply chain functions. As we become more dependent on information technologies to conduct our operations, and as the number and sophistication of cyberattacks increase, the risks associated with cybersecurity increase. Failure to effectively anticipate, prevent, detect and recover from the increasing number and sophistication of cyberattacks could have a material adverse effect on our results of operations or financial condition. To our knowledge, we have not experienced any material cybersecurity incidents of our technology systems.
Mosaic’s cybersecurity program is comprised of people, processes and technology that are designed to adequately protect the confidentiality, integrity and availability of information technology systems and data. Mosaic has strategically integrated cybersecurity risk management into our broader risk management framework to promote a company-wide culture of cybersecurity risk awareness. This integration ensures that cybersecurity considerations are an integral part of our decision-making processes at every level. We have a Governance Risk and Compliance team which is a dedicated team within the cybersecurity department that focuses on identifying and mitigating cybersecurity and compliance risk. The team works closely with the Information Technology department to continuously evaluate and address cybersecurity risks in alignment with our business objectives and operational needs. Our Enterprise Risk Management committee, which is comprised of members of our executive leadership team, reviews and evaluates key risks identified through cybersecurity risk management processes. Mosaic develops and continues to refine mitigation plans that adhere to industry best practices.
Regularly, Mosaic engages external vendors to provide independent insight to overall cybersecurity program effectiveness and to assist with evaluating response preparedness. As part of our third-party risk oversight, we regularly review the vendor's ratings and conduct assessments and interviews with their personnel. The results are then reported to leaders in the Information Technology department.
Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block]
Mosaic’s cybersecurity program is comprised of people, processes and technology that are designed to adequately protect the confidentiality, integrity and availability of information technology systems and data. Mosaic has strategically integrated cybersecurity risk management into our broader risk management framework to promote a company-wide culture of cybersecurity risk awareness. This integration ensures that cybersecurity considerations are an integral part of our decision-making processes at every level. We have a Governance Risk and Compliance team which is a dedicated team within the cybersecurity department that focuses on identifying and mitigating cybersecurity and compliance risk. The team works closely with the Information Technology department to continuously evaluate and address cybersecurity risks in alignment with our business objectives and operational needs. Our Enterprise Risk Management committee, which is comprised of members of our executive leadership team, reviews and evaluates key risks identified through cybersecurity risk management processes. Mosaic develops and continues to refine mitigation plans that adhere to industry best practices.
Regularly, Mosaic engages external vendors to provide independent insight to overall cybersecurity program effectiveness and to assist with evaluating response preparedness. As part of our third-party risk oversight, we regularly review the vendor's ratings and conduct assessments and interviews with their personnel. The results are then reported to leaders in the Information Technology department.
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] true
Cybersecurity Risk Board of Directors Oversight [Text Block]
Governance
Board of Director Oversight
The Board of Directors oversees Mosaic’s Enterprise Risk Management program, and the Audit Committee is tasked with oversight of risk from cybersecurity threats. The Board receives an annual cybersecurity update while the Audit Committee receives reports from the Chief Information Security Officer (CISO”) and Chief Information Officer (CIO”) regularly. The reports to the Audit Committee include updates on key performance indicators and key risk indicators, including short-term, intermediate-term and emerging risks. The Audit Committee then briefs the Board on these matters. Ad hoc updates occur as needed.
Managements Role in Managing Risk
The Information Technology organization is led by the CIO who is responsible for cybersecurity and risk management, with oversight by the Audit Committee. The cybersecurity program is overseen by the Mosaic’s CISO and supporting
cybersecurity leadership, who lead teams to protect and preserve the confidentiality, integrity and continued availability of all information owned by, or in the care of, Mosaic.The CISO, along with the leadership team, possess many years of relevant Information Technology, cybersecurity and risk management experience in the manufacturing, electric, defense, financial and retail sectors. Educational backgrounds include advanced degrees and certifications, such as Certified Information Systems Security Professional. During the course of leadership team’s careers, they have built and sustained programs protecting other Fortune 500 companies, critical national infrastructure and military defense systems.
The CIO and CISO regularly update the Board and/or the Audit Committee on cybersecurity matters and the effectiveness of the cybersecurity program. The Board and Audit Committee also engage directly with senior leaders from the Information Technology department.
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] The Board of Directors oversees Mosaic’s Enterprise Risk Management program, and the Audit Committee is tasked with oversight of risk from cybersecurity threats. The Board receives an annual cybersecurity update while the Audit Committee receives reports from the Chief Information Security Officer (CISO”) and Chief Information Officer (CIO”) regularly. The reports to the Audit Committee include updates on key performance indicators and key risk indicators, including short-term, intermediate-term and emerging risks. The Audit Committee then briefs the Board on these matters. Ad hoc updates occur as needed
Cybersecurity Risk Role of Management [Text Block]
The Information Technology organization is led by the CIO who is responsible for cybersecurity and risk management, with oversight by the Audit Committee. The cybersecurity program is overseen by the Mosaic’s CISO and supporting
cybersecurity leadership, who lead teams to protect and preserve the confidentiality, integrity and continued availability of all information owned by, or in the care of, Mosaic.The CISO, along with the leadership team, possess many years of relevant Information Technology, cybersecurity and risk management experience in the manufacturing, electric, defense, financial and retail sectors. Educational backgrounds include advanced degrees and certifications, such as Certified Information Systems Security Professional. During the course of leadership team’s careers, they have built and sustained programs protecting other Fortune 500 companies, critical national infrastructure and military defense systems.
Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Expertise of Management Responsible [Text Block] The CISO, along with the leadership team, possess many years of relevant Information Technology, cybersecurity and risk management experience in the manufacturing, electric, defense, financial and retail sectors. Educational backgrounds include advanced degrees and certifications, such as Certified Information Systems Security Professional.
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
The CIO and CISO regularly update the Board and/or the Audit Committee on cybersecurity matters and the effectiveness of the cybersecurity program. The Board and Audit Committee also engage directly with senior leaders from the Information Technology department.